Commit 53c6c902 authored by Tzung-Bi Shih's avatar Tzung-Bi Shih Committed by openeuler-sync-bot
Browse files

platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl 

stable inclusion
from stable-v5.10.177
commit f86ff88a1548ccf5a13960c0e7625ca787ea0993
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I88YNP

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f86ff88a1548ccf5a13960c0e7625ca787ea0993

--------------------------------

[ Upstream commit b20cf3f8 ]

It is possible to peep kernel page's data by providing larger `insize`
in struct cros_ec_command[1] when invoking EC host commands.

Fix it by using zeroed memory.

[1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74



Fixes: eda2e30c ("mfd / platform: cros_ec: Miscellaneous character device to talk with the EC")
Signed-off-by: default avatarTzung-Bi Shih <tzungbi@kernel.org>
Reviewed-by: default avatarGuenter Roeck <groeck@chromium.org>
Link: https://lore.kernel.org/r/20230324010658.1082361-1-tzungbi@kernel.org


Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarsanglipeng <sanglipeng1@jd.com>
(cherry picked from commit 1e069eb0)
parent 08014db9
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment